man pages: add documentation about --cgroupmap

man/man8/execsnoop.8

@@ -1,9 +1,9 @@
-.TH execsnoop 8  "2016-02-07" "USER COMMANDS"
+.TH execsnoop 8  "2020-02-20" "USER COMMANDS"
 .SH NAME
 execsnoop \- Trace new processes via exec() syscalls. Uses Linux eBPF/bcc.
 .SH SYNOPSIS
 .B execsnoop [\-h] [\-T] [\-t] [\-x] [\-q] [\-n NAME] [\-l LINE]
-.B           [\-\-max-args MAX_ARGS]
+.B           [\-\-max-args MAX_ARGS]  [\-\-cgroupmap MAPPATH]
 .SH DESCRIPTION
 execsnoop traces new processes, showing the filename executed and argument
 list.
@@ -46,6 +46,9 @@ Only print commands where arg contains this line (regex)
 .TP
 \--max-args MAXARGS
 Maximum number of arguments parsed and displayed, defaults to 20
+.TP
+\-\-cgroupmap MAPPATH
+Trace cgroups in this BPF map only (filtered in-kernel).
 .SH EXAMPLES
 .TP
 Trace all exec() syscalls:
@@ -71,6 +74,10 @@ Only trace exec()s where the filename contains "mount":
 Only trace exec()s where argument's line contains "testpkg":
 #
 .B execsnoop \-l testpkg
+.TP
+Trace a set of cgroups only (see filtering_by_cgroups.md from bcc sources for more details):
+#
+.B execsnoop \-\-cgroupmap /sys/fs/bpf/test01
 .SH FIELDS
 .TP
 TIME

man/man8/opensnoop.8

@@ -1,9 +1,10 @@
-.TH opensnoop 8  "2015-08-18" "USER COMMANDS"
+.TH opensnoop 8  "2020-02-20" "USER COMMANDS"
 .SH NAME
 opensnoop \- Trace open() syscalls. Uses Linux eBPF/bcc.
 .SH SYNOPSIS
 .B opensnoop.py [\-h] [\-T] [\-U] [\-x] [\-p PID] [\-t TID] [\-u UID]
              [\-d DURATION] [\-n NAME] [\-e] [\-f FLAG_FILTER]
+             [--cgroupmap MAPPATH]
 .SH DESCRIPTION
 opensnoop traces the open() syscall, showing which processes are attempting
 to open which files. This can be useful for determining the location of config
@@ -54,6 +55,9 @@ Show extended fields.
 .TP
 \-f FLAG
 Filter on open() flags, e.g., O_WRONLY.
+.TP
+\--cgroupmap MAPPATH
+Trace cgroups in this BPF map only (filtered in-kernel).
 .SH EXAMPLES
 .TP
 Trace all open() syscalls:
@@ -95,6 +99,10 @@ Show extended fields:
 Only print calls for writing:
 #
 .B opensnoop \-f O_WRONLY \-f O_RDWR
+.TP
+Trace a set of cgroups only (see filtering_by_cgroups.md from bcc sources for more details):
+#
+.B opensnoop \-\-cgroupmap /sys/fs/bpf/test01
 .SH FIELDS
 .TP
 TIME(s)
@@ -142,4 +150,4 @@ Unstable - in development.
 .SH AUTHOR
 Brendan Gregg
 .SH SEE ALSO
-funccount(1)
+execsnoop(8), funccount(1)

man/man8/tcpaccept.8

@@ -1,8 +1,8 @@
-.TH tcpaccept 8  "2019-03-08" "USER COMMANDS"
+.TH tcpaccept 8  "2020-02-20" "USER COMMANDS"
 .SH NAME
 tcpaccept \- Trace TCP passive connections (accept()). Uses Linux eBPF/bcc.
 .SH SYNOPSIS
-.B tcpaccept [\-h] [\-T] [\-t] [\-p PID] [\-P PORTS]
+.B tcpaccept [\-h] [\-T] [\-t] [\-p PID] [\-P PORTS] [\-\-cgroupmap MAPPATH]
 .SH DESCRIPTION
 This tool traces passive TCP connections (eg, via an accept() syscall;
 connect() are active connections). This can be useful for general
@@ -33,6 +33,9 @@ Trace this process ID only (filtered in-kernel).
 .TP
 \-P PORTS
 Comma-separated list of local ports to trace (filtered in-kernel).
+.TP
+\-\-cgroupmap MAPPATH
+Trace cgroups in this BPF map only (filtered in-kernel).
 .SH EXAMPLES
 .TP
 Trace all passive TCP connections (accept()s):
@@ -50,6 +53,10 @@ Trace connections to local ports 80 and 81 only:
 Trace PID 181 only:
 #
 .B tcpaccept \-p 181
+.TP
+Trace a set of cgroups only (see filtering_by_cgroups.md from bcc sources for more details):
+#
+.B tcpaccept \-\-cgroupmap /sys/fs/bpf/test01
 .SH FIELDS
 .TP
 TIME
@@ -99,4 +106,4 @@ Unstable - in development.
 .SH AUTHOR
 Brendan Gregg
 .SH SEE ALSO
-tcpconnect(8), funccount(8), tcpdump(8)
+tcptracer(8), tcpconnect(8), funccount(8), tcpdump(8)

man/man8/tcpconnect.8

@@ -1,8 +1,8 @@
-.TH tcpconnect 8  "2015-08-25" "USER COMMANDS"
+.TH tcpconnect 8  "2020-02-20" "USER COMMANDS"
 .SH NAME
 tcpconnect \- Trace TCP active connections (connect()). Uses Linux eBPF/bcc.
 .SH SYNOPSIS
-.B tcpconnect [\-h] [\-c] [\-t] [\-x] [\-p PID] [-P PORT]
+.B tcpconnect [\-h] [\-c] [\-t] [\-x] [\-p PID] [-P PORT] [\-\-cgroupmap MAPPATH]
 .SH DESCRIPTION
 This tool traces active TCP connections (eg, via a connect() syscall;
 accept() are passive connections). This can be useful for general
@@ -33,6 +33,9 @@ Trace this process ID only (filtered in-kernel).
 .TP
 \-P PORT
 Comma-separated list of destination ports to trace (filtered in-kernel).
+.TP
+\-\-cgroupmap MAPPATH
+Trace cgroups in this BPF map only (filtered in-kernel).
 .SH EXAMPLES
 .TP
 \-U
@@ -68,6 +71,10 @@ Trace UID 1000 only:
 Count connects per src ip and dest ip/port:
 #
 .B tcpconnect \-c
+.TP
+Trace a set of cgroups only (see filtering_by_cgroups.md from bcc sources for more details):
+#
+.B tcpconnect \-\-cgroupmap /sys/fs/bpf/test01
 .SH FIELDS
 .TP
 TIME(s)
@@ -116,4 +123,4 @@ Unstable - in development.
 .SH AUTHOR
 Brendan Gregg
 .SH SEE ALSO
-tcpaccept(8), funccount(8), tcpdump(8)
+tcptracer(8), tcpaccept(8), funccount(8), tcpdump(8)

man/man8/tcptracer.8

@@ -1,8 +1,8 @@
-.TH tcptracer 8  "2017-03-27" "USER COMMANDS"
+.TH tcptracer 8  "2020-02-20" "USER COMMANDS"
 .SH NAME
 tcptracer \- Trace TCP established connections. Uses Linux eBPF/bcc.
 .SH SYNOPSIS
-.B tcptracer [\-h] [\-v] [\-p PID] [\-N NETNS]
+.B tcptracer [\-h] [\-v] [\-p PID] [\-N NETNS] [\-\-cgroupmap MAPPATH]
 .SH DESCRIPTION
 This tool traces established TCP connections that open and close while tracing,
 and prints a line of output per connect, accept and close events. This includes
@@ -29,6 +29,8 @@ Trace this process ID only (filtered in-kernel).
 \-N NETNS
 Trace this network namespace only (filtered in-kernel).
 .TP
+\-\-cgroupmap MAPPATH
+Trace cgroups in this BPF map only (filtered in-kernel).
 .SH EXAMPLES
 .TP
 Trace all TCP established connections:
@@ -46,6 +48,10 @@ Trace PID 181 only:
 Trace connections in network namespace 4026531969 only:
 #
 .B tcptracer \-N 4026531969
+.TP
+Trace a set of cgroups only (see filtering_by_cgroups.md from bcc sources for more details):
+#
+.B tcptracer \-\-cgroupmap /sys/fs/bpf/test01
 .SH FIELDS
 .TP
 TYPE